summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Object.pm3
-rw-r--r--Bugzilla/Product.pm11
-rw-r--r--Bugzilla/User.pm11
-rw-r--r--Bugzilla/WebService/Bug.pm2
4 files changed, 20 insertions, 7 deletions
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index 92353b6a0..4ee362945 100644
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -134,7 +134,8 @@ sub check {
# We don't want to override the normal template "user" object if
# "user" is one of the params.
delete $param->{user};
- ThrowUserError('object_does_not_exist', { %$param, class => $class });
+ my $error = delete $param->{_error} || 'object_does_not_exist';
+ ThrowUserError($error, { %$param, class => $class });
}
return $obj;
}
diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
index 0228aca02..c993905db 100644
--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -913,6 +913,17 @@ sub check_product {
return $product;
}
+sub check {
+ my ($class, $params) = @_;
+ $params = { name => $params } if !ref $params;
+ $params->{_error} = 'product_access_denied';
+ my $product = $class->SUPER::check($params);
+ if (!Bugzilla->user->can_access_product($product)) {
+ ThrowUserError('product_access_denied', $params);
+ }
+ return $product;
+}
+
1;
__END__
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 59324383f..06c6be5cb 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -810,8 +810,8 @@ sub get_enterable_products {
}
sub can_access_product {
- my ($self, $product_name) = @_;
-
+ my ($self, $product) = @_;
+ my $product_name = blessed($product) ? $product->name : $product;
return scalar(grep {$_->name eq $product_name} @{$self->get_accessible_products});
}
@@ -2055,10 +2055,11 @@ the database again. Used mostly by L<Bugzilla::Product>.
Returns: an array of product objects.
-=item C<can_access_product(product_name)>
+=item C<can_access_product($product)>
-Returns 1 if the user can search or enter bugs into the specified product,
-and 0 if the user should not be aware of the existence of the product.
+Returns 1 if the user can search or enter bugs into the specified product
+(either a L<Bugzilla::Product> or a product name), and 0 if the user should
+not be aware of the existence of the product.
=item C<get_accessible_products>
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 6051a1d1c..53f3255d1 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -434,7 +434,7 @@ sub legal_values {
defined $id || ThrowCodeError('param_required',
{ function => 'Bug.legal_values', param => 'product_id' });
grep($_->id eq $id, @{Bugzilla->user->get_accessible_products})
- || ThrowUserError('product_access_denied', { product => $id });
+ || ThrowUserError('product_access_denied', { id => $id });
my $product = new Bugzilla::Product($id);
my @objects;